The Internet of Things

Thanks for attending our second annual Cybersafe Day event and for subscribing to the monthly CISO Update.  The Update will focus on new trends in cybersafety that could impact the FIT community.

 

There was a lot of talk during the panel discussions about the Internet of Things (IoT).  IoT refers to all those devices that are attached to the Internet that aren’t computers.  Cell phones and tablets are obvious examples, but the IoT also includes security cameras, baby monitors, smart watches, automobiles, and medical devices, just to name a few.  IoT devices pose interesting security threats on at least 3 levels:

 

  1. They gather huge amounts of data.  Your Fitbit or similar device is like a literal Santa Claus, knowing when you’re sleeping or awake.  All of that data is gathered, analyzed, and sold.  That raises significant privacy concerns, not to mention the security risks of that data being breached, especially as it gets passed and sold among many parties.
  2. They are consumer devices. As such they are sold in a very cost-competitive market.  Many manufacturers are reluctant to spend the few extra dollars it would take to secure their cameras and baby monitors, for fear of being undersold.
  3. They are tough to secure.  IoT devices come with a default password, and most users don’t take the time to change it.  Additionally, if a security vulnerability is discovered in an IoT device, there often isn’t a way to update it.  It’s hard to patch a pacemaker.

 

 Here are a few tips to reduce the risks:

 

  1. Change default passwords.  Most attacks on IoT devices leverage the default password.
  2. Turn off functions you don’t plan to use.  Do you really need to remote-control your vacuum cleaner from across the world?
  3. If your device has a way to accept updates, apply them.
  4. Put a strong password and encryption on your home Wi-Fi.  For attackers, your Wi-Fi network is the gateway to every device you own.

The IoT gives us tremendous convenience.  It allows us to check on our homes while we are at work and to track our health and fitness information.  However, being mindful of best security practices for IoT devices will help keep you Cybersafe. 

 

About Cybersafe

The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

 

-Walter Kerner

Assistant Vice-President and Chief Information Security Officer